Revised fix to: Bug 2253675 - Make key wrapping algorithm configurabl…

…e between AES-KWP and AES-CBC [RHCS 10.4].

We found an issue with scp01 recovery with said fix. This patch addresses this such that both scp01 and scp03 recovery should now work.

base/kra/src/main/java/com/netscape/kra/NetkeyKeygenService.java

@@ -438,6 +438,7 @@ public boolean serviceRequest(IRequest request)
                     logger.debug(method + " attemptedAesKeyWrap = true ");
                 } else {
                     algParam = desAlgParam;
+                    iv_s = org.mozilla.jss.netscape.security.util.Utils.SpecialEncode(iv);
                     logger.debug(method + " attemptedAesKeyWrap = false ");
                 }
 

base/kra/src/main/java/com/netscape/kra/TokenKeyRecoveryService.java

@@ -309,10 +309,11 @@ public synchronized boolean serviceRequest(IRequest request) throws EBaseExcepti
 
             // unwrap the des key
             try {
+                logger.debug("TokenKeyRecoveryService: received DRM-trans-wrapped des key: length: " + wrapped_des_key.length);
                 sk = (PK11SymKey) mTransportUnit.unwrap_sym(wrapped_des_key, wrapParams);
                 logger.debug("TokenKeyRecoveryService: received des key");
             } catch (Exception e) {
-                logger.debug("TokenKeyRecoveryService: no des key");
+                logger.debug("TokenKeyRecoveryService: no des key: " + e);
 
                  if(!useAesTransWrapped) {
                         request.setExtData(IRequest.RESULT, Integer.valueOf(4));

base/tps/src/main/java/org/dogtagpki/server/tps/cms/KRARemoteRequestHandler.java

@@ -295,8 +295,8 @@ public KRARecoverKeyResponse recoverKey(
 
         String sendMsg = null;
         try {
-            String desPart = " ";
-            String aesPart = " ";
+            String desPart = "";
+            String aesPart = "";
 
             if(sDesKey != null) {
                 desPart = "&" + IRemoteRequest.KRA_Trans_DesKey + "=" + sDesKey;
@@ -328,6 +328,7 @@ public KRARecoverKeyResponse recoverKey(
                         aesWrapAlg;
 
             }
+            //logger.debug("KRARemoteRequestHandler: recoverKey(): outgoing: " + sendMsg);
         } catch (Exception e) {
             logger.debug("KRARemoteRequestHandler: recoverKey(): uriEncode failed: " + e);
             throw new EBaseException("KRARemoteRequestHandler: recoverKey(): uriEncode failed: " + e);